Critical Review of the Swedish Data Act

as of the year 1998

The Swedish Data Act is in conflict with freedom of speech. If they act was fully implemented, almost the whole Swedish branch of the Internet would become illegal. A law which is not implemented causes a rich for corruption. The law should be written to regulate only what it is written to regulate, i.e. real person data bases.

This text is based on a Swedish-language summary of the data act, provided by the Data Inspection Agency. A somewhat longer Swedish-language version of this text is available  Rating . That version contains numerous links to source documents (mainly law texts in Swedish) which are not provided in this English translation. / Jacob Palme 6 July 1998.


Definition of a personal information base?

Official definition: Anyone who stores personal information on a computer must have a license from the Data Inspection Agency.

JP comment: Note that the Data Act has its own definition of a personal information base. Outside the law, this word is used to designate a systematic collection of personal information with a common structure. But the Data Act regards every single storage of any piece of information about a person as a personal information base. For example, if person A sends an e-mail to person B, this is a personal information base, since the persons A and B are specified. If the text mentions a third person, then the letter becomes a personal information base for that person, too.

The Data Inspection Agency has on some occaisions said that storing information with permission from the person is OK. This would mean that if I send an e-mail to B, I must first get the permission from B to send him or her an e-mail. And it means that I can never write anything, which is critical about any person, for example a politician or a public servant, without his or her permission!

When is permission requested before storing personal information in a computer?

Official definition: Some kinds of storage of personal information requires permission in advance from the Data Inspection Agency. Such a permission will include instructions of what can be stored and how the stored information can be used. To use the personal information base in other ways is illegal. Three kinds of storage is illegal:

  • Storage of sensitive information and opinions about a person.

JP comment: Such sensitive information is, for example, political and religiuous views and medical information. This means that you must have a permission, before stating your views on political or religiuous issues on the Internet. This is contrary to the Swedish constitution, which says that the right to communicate political and religious views should espeically be protected.

  • Storage of information about persons who have no connection to the data base owners. By connection is meant employees, customers or students in a school.

JP comment: This means that permission is required for biographies, memoirs mentioning other people, e-mail to person, with whom you do not have one of these kinds of relations, political discussion, in which the acts or opinions of a politician is meantioned.

  • Co-ordination and matching of two or more personal information data bases.

JP comment: By "co-ordination and matching" means any transfer of information from one personal information data base to another. All e-mail, which is sent through Internet, will include such matching, since both the e-mail system for the sender and the recipient are personal information data bases.

The Data Inspection Agency has sometimes regarded such co-ordination especially serious, if one of the data bases resides in a country which has not signed the computer law convention of the Council of Europe  Rating . This means many countries, to which you are not allowed to send e-mail!

Other clauses in the Data Act

Official definition: Each organisation must keep a current list of its personal information data bases.

A private citizen ins entitled, once a year, to get, without cost, a listing of personal information in order to check that the information in the data base is correct.

JP comment: This means that all information data bases must be organized, so that it is possible to find all mention of a certain person. All information about a person must be marked with social security number, complete name, or other identification. To write, in an e-mail, "my mother has been comitted to a hospital", will in many ways be illegal. Firstly because it is not easy to find all such e-mail, if the person is described in this way. Secondly because information about illnesses of a certain person is only allowed after permission from the Data Inspection Agency.

If any piece of information is incorrect or misleading, it must be corrected or removed.

JP comment: I feel a certain sympathy for a law, which would make it illegal to lie. But why should such a law only cover information which is transmitted through a computer? Why not forbid all other lying, too? Has the lawmakers seriously considered how society would work, if all lying was forbidden, and if the authorities really enforced such a law?

Sometimes adherence to the law is enforced:

Now, you may wonder: Is this funny law really enforced. The answer is "yes, sometimes". I have, myself, been ordered  by the Data Inspection Agency to shut down a BBS  Rating .Later on, the agency permitted the BBS, if we promised not to discuss political and religious issues in it. Note that the Swedish constitution  Rating says that the rights to communicate on political and religious matters is of special importance.

At the same time, the Data Inspection Agency decided that all messages in this BBS must be erased after two years. This can be compared to a law, requiring libraries to burn all books which are older than two years!

An author, who asked the Data Inspection Agency for permission to use a computer to write a book, was refused. The author appealed to the Swedish government, which reversed the decision by the Data Inspection Agency. This does not, however, mean that there is no conflict betwee the Data Act and the freedom of speech. The opinion of the Swedish government is that only authors, journalists and artists are exempted in this way, not ordinary people.

But often, the law is not enforced:

Surely more than 99 % of all documents on the Internet, which according to the Data Act are not permitted without permission from the Data Inspection Agency, do not have such permission. In reality, the Data Inspection Agency acts to enforce the law, only in very few cases. Those who try to be lawful by asking for permission are persecuted, while those who just ignore the law are usually allowed to continue. And this is good, since strict enforcement of the law would make almost the whole Swedish branch of the Internet illegal.

Should the Data Act be abolished?

The basic principle in the Data Act: restrictions on personal information data bases, is not wrong. For example, the collection of, and selling of, personal information which is done by certain Internet information providers should be regulated. What is wrong is that the Data Act ins written in such a way, that it covers much more than it was really intended to control.

The Act should be changed, so that only systematic, organized collections of personal information, and which is used for actions which concern an individual (such as approval of loans, employment, legal actions, medical actions, direct marketing and other business activities) is covered. Information data bases which are easily used for undue spying on individuals should also be covered.

But other infringement of privacy in documents (text, pictures, sound) on the Internet are better handled by the laws abou libel, than by the Data Act.

The new Personal Information Act, which will replace the Data Act on the 25th of October, 1998, is unfortunately not much better. It introduces the very funny idea that freedom of speech is only needed for authors, journalists and artists, not for ordinary people.

The Swedish BBS Act  Rating

More about Swedish attempts to regulate the Internet  Rating

Other documents of interest.  Rating

Give your own rating of the quality of this web page:
(Awful) Awful!    (Mediocre) Mediocre    (Average) OK   (Good) Good    (Great) Superior